10-16-2013 9:24 PM
I am trying to move from TWC to AT&T and need to have static IP's. I have a block of 5 usable and have been working with AT&T Level 2 support to try and get them working. They cannot figure this out. I would prefer to setup bridge mode in the device and let my firewall do all the routing and protection. This is my current setup. I have tried a few different things since the AT&T Level 2 guys can't figure it out. I've read that this model does not do bridging well, if at all. I've tried the DMZ route and that assigned a completely different public IP to my device than what I was given. How do I configure this device to work the way I need it to? If I can't get this to work, I'm going to seriously cancel the service. I'm on day 5 of trying to get this working.
Any help is greatly appreciated.
Solved! Go to Solution.
05-29-2014 6:31 PM - edited 05-29-2014 6:32 PM
Yes, I agree that this Cascaded router setup is highly confusing:
1. Having public IP addresses on one side of a router, the Internet on the other side of the gateway, and an intervening RFC-1918 private IP network in between is counterintuitive. One would think that publically-addressed Internet packets could not (and should not) traverse a private network. However, this is actually a legal configuration given that the 2Wire router is prepared to route traffic over the private network.
2. Since you actually have another RFC-1918 private network behind your own router, the public IP addresses are actually completely virtual in that none of them are actually assigned to a physical LAN port on any device.
The cool part you have been able to do with this configuration is:
A) Be able to use your own router and static IP addresses behind it, which was never possible before the cascaded router option showed up in the last firmware update.
B) Cascaded router setup on the 2Wire + your 1:1 NAT configuration on your router essentially sidesteps the 2Wire routers' enforcement of 1:1 mappings between IP addresses and MAC addresses (i.e. no multihoming). You can now have all 5 of the public IP addresses usable within the same piece of hardware (the Zyxel router).
06-03-2015 10:15 AM
I have a question about the solution to this problem. If you configure the WAN of your firewall with a private IP from the 5031 pool then I would think that the firewall itself would use the dynamic public IP from the 5031 WAN side. So devices _behind_ the firewall would have static public IPs but the firewall itself would be using a NATed and dynamic IP. This would be a problem for me because I am currently running a VPN from the firewall and I need that the WAN side of the firewall also be static.
So it seems like you can have one static for your firewall _or_ 5 statics for devices behind the firewall but you can't have statics for both?
10-02-2016 9:02 PM
© 2016 AT&T Intellectual Property.This link will open a new window All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks are the property of their respective owners.
Congratulations! You earned the Liz badge!